I've used Linux so much, I initially read the title as "Window (singular) Server Vulnerability...", leading me to wonder what was wrong with Xorg this time...
"We have tried to avoid paragraph-length footnotes in this book, but X has defeated us by switching the meaning of client and server. In all other client/server relationships, the server is the remote machine that runs the application (i.e., the server provides services, such as database service or computational service). For some perverse reason that's better left to the imagination, X insists on calling the program running on the remote machine "the client." "
Things are complicated when the remote computer calls your desktop. But that's how X works.
That's also why once in a while somebody discover a completely unexpected vulnerability on it that, although simple nobody thought about it before. Things are so non-intuitive that it's hard even to talk about them.
Yet, somehow it works. And works quite well. I imagine the authors of that book are quite annoyed by how Unix evolve to work really well, and still avoided fixing any fundamental problem.
Is the whole book full of misunderstandings like that?
There may be a point to arguing that X should use an Remote Desktop model (like Windows or VNC) instead of an Window Server model, but the terminology is correct for how X works.
No, Xorg (or at least the component of Xorg I think you're thinking about) is the server -- specifically, the display server.
Clients -- the individual applications you run -- connect to the display server to draw themselves. (so, e.g., xeyes, xlogo, Firefox, etc. are the clients).
Xwindows is a server in the same sense that a network printer (or print server) is a server: it sits there waiting to receive network connections from clients, and it allows whoever connects to do stuff which is tangible to the user.
The fact that you're interacting with it makes it also feel like a kind of client. But technically, the clients are asking X to allow them interact with you. Though one of the things you may do with X is control launcher software that ends up starting more clients which interact with you through X.
